Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUGFIX] Fix thumbnails and download from backend #189

Merged
merged 2 commits into from
Sep 22, 2022
Merged

[BUGFIX] Fix thumbnails and download from backend #189

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8233513
[BUGFIX] Fix thumbnails and download from backend
Jul 7, 2022
22af9b9
[TASK] Increase version to 4.0.1
Sep 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion Classes/Hooks/FileDumpHook.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ public function checkFileAccess(ResourceInterface $file)
*/
protected function dumpFileContents($file, $asDownload, $resumableDownload)
{
$downloadName = $file->getProperty('download_name') ?: $file->getName();
$downloadName = $file->hasProperty('download_name') ? $file->getProperty('download_name') : $file->getName();

// Make sure downloadName has a file extension
$fileParts = pathinfo($downloadName);
Expand Down Expand Up @@ -330,6 +330,10 @@ protected function checkPermissions()
/** @var $checkPermissionsService CheckPermissions */
$checkPermissionsService = GeneralUtility::makeInstance(CheckPermissions::class);

if ($checkPermissionsService->checkBackendUserFileAccess($this->originalFile)) {
return true;
}

$userFeGroups = !$this->feUser->user ? false : $this->feUser->groupData['uid'];

return $checkPermissionsService->checkFileAccess($this->originalFile, $userFeGroups);
Expand Down
27 changes: 25 additions & 2 deletions Classes/Middleware/EidFrontendAuthentication.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Exception;
Expand Down Expand Up @@ -39,6 +40,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
if ($eID === null || !in_array($eID, ['dumpFile', 'FalSecuredownloadFileTreeState'])) {
return $handler->handle($request);
}

$GLOBALS['TYPO3_REQUEST'] = $request;

$frontendUser = GeneralUtility::makeInstance(FrontendUserAuthentication::class);

// List of page IDs where to look for frontend user records
Expand All @@ -53,8 +57,16 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface

// Register the frontend user as aspect and within the session
$this->setFrontendUserAspect($frontendUser);
$response = $handler->handle($request);
return $response;

$backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
$backendUserObject->start();
$backendUserObject->unpack_uc();
if (!empty($backendUserObject->user['uid'])) {
$backendUserObject->fetchGroupData();
}
$this->setBackendUserAspect($backendUserObject);

return $handler->handle($request);
}

/**
Expand All @@ -66,4 +78,15 @@ protected function setFrontendUserAspect(AbstractUserAuthentication $user)
{
$this->context->setAspect('beechit.user', GeneralUtility::makeInstance(UserAspect::class, $user));
}

/**
* Register the backend user as aspect
*
* @param AbstractUserAuthentication $user
*/
protected function setBackendUserAspect(AbstractUserAuthentication $user)
{
$this->context->setAspect('beechit.beuser', GeneralUtility::makeInstance(UserAspect::class, $user));
$GLOBALS['BE_USER'] = $user;
}
}
56 changes: 56 additions & 0 deletions Classes/Security/CheckPermissions.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,12 @@
use BeechIt\FalSecuredownload\Events\AddCustomGroupsEvent;
use BeechIt\FalSecuredownload\Service\Utility;
use Psr\EventDispatcher\EventDispatcherInterface;
use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Authentication\Mfa\MfaRequiredException;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Context\UserAspect;
use TYPO3\CMS\Core\Resource\Exception\FolderDoesNotExistException;
use TYPO3\CMS\Core\Resource\File;
use TYPO3\CMS\Core\Resource\Folder;
use TYPO3\CMS\Core\Resource\FolderInterface;
Expand Down Expand Up @@ -78,6 +84,56 @@ public function checkFileAccessForCurrentFeUser($file)
return $this->checkFileAccess($file, $userFeGroups);
}

/**
* Check backend user file access
*
* @param File $file
* @return bool
*/
public function checkBackendUserFileAccess(File $file): bool
{
$backendUser = $GLOBALS['BE_USER'] ?? null;
if (!$backendUser instanceof BackendUserAuthentication || empty($backendUser->user['uid'])) {
return false;
}
if ($backendUser->isAdmin()) {
return true;
}
$resourceStorage = $file->getStorage();
$resourceStorage->setUserPermissions($GLOBALS['BE_USER']->getFilePermissionsForStorage($resourceStorage));
foreach ($GLOBALS['BE_USER']->getFileMountRecords() as $fileMountRow) {
if ((int)$fileMountRow['base'] === (int)$resourceStorage->getUid()) {
try {
$resourceStorage->addFileMount($fileMountRow['path'], $fileMountRow);
} catch (FolderDoesNotExistException $e) {
// That file mount does not seem to be valid, fail silently
}
}
}
$originalEvaluatePermissions = $resourceStorage->getEvaluatePermissions();
$resourceStorage->setEvaluatePermissions(true);
$access = $resourceStorage->checkFileActionPermission('read', $file);
$resourceStorage->setEvaluatePermissions($originalEvaluatePermissions);
return $access;
}

/**
* Get backend user object
*
* @return FrontendBackendUserAuthentication
* @throws MfaRequiredException
*/
protected function getBackendUser(): FrontendBackendUserAuthentication
{
$backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
$backendUserObject->start();
$backendUserObject->unpack_uc();
if (!empty($backendUserObject->user['uid'])) {
$backendUserObject->fetchGroupData();
}
return $backendUserObject;
}

/**
* Check file access for given FeGroups combination
*
Expand Down
2 changes: 1 addition & 1 deletion Classes/Service/LeafStateService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ public function getLeafStateForUser(FrontendUserAuthentication $user, $folder)
*/
protected function getFolderState(FrontendUserAuthentication $user)
{
$folderStates = $user->getKey($user->user['uid'] ? 'user' : 'ses', 'LeafStateService');
$folderStates = $user->getKey(empty($user->user['uid']) ? 'ses' : 'user', 'LeafStateService');
if ($folderStates) {
$folderStates = unserialize($folderStates);
}
Expand Down
2 changes: 1 addition & 1 deletion ext_emconf.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
'author_company' => 'Beech.it',
'state' => 'stable',
'clearCacheOnLoad' => true,
'version' => '4.0.0',
'version' => '4.0.1',
'constraints' => [
'depends' => [
'typo3' => '11.5.0 - 11.5.99',
Expand Down